Establishing Trust at Scale

Presented by Google & Carahsoft

State and local governments are under increasing pressure to modernize quickly while maintaining the highest levels of security, compliance, and public trust. In this episode of State Gov Today, leaders from across government and industry explore how standardized frameworks, shared services, and modern security strategies are helping agencies accelerate cloud adoption without increasing risk. From GovRAMP’s role in streamlining authorization to the growing importance of zero trust and continuous monitoring, this episode highlights how trust is being built—and scaled—across the public sector.

Building a Foundation for Trust Through GovRAMP and Zero Trust

As state and local governments navigate rapid digital transformation, the need for consistent, scalable approaches to security and compliance has never been greater. Tony Sauerhoff, Chief AI & Innovation Officer and State CIO for Texas and Board President of GovRAMP, Bernice Russell-Bond, State Chief Information Security Officer for North Carolina, and Leah McGrath, Executive Director of GovRAMP, outline how trust frameworks are becoming essential to modernization efforts.

At the center of the conversation is GovRAMP, which provides a standardized approach for assessing and authorizing cloud service providers. For Sauerhoff, the value of GovRAMP starts with its mission—helping governments of all sizes access secure, vetted solutions. In a state like Texas, with thousands of local entities that lack the resources to conduct their own risk assessments, a shared assurance model is not just efficient—it is essential.

Russell-Bond emphasizes that North Carolina’s adoption of GovRAMP reflects a broader shift from reactive cybersecurity to a proactive, continuous monitoring approach. Rather than relying on point-in-time assessments, her team is focused on maintaining ongoing visibility into vendor risk. This shift allows agencies to respond faster to emerging threats while reducing duplication of effort across departments.

McGrath highlights the collaborative nature of state and local government, noting that innovation often comes from shared challenges and shared solutions. With limited budgets, workforce shortages, and increasing cyber threats, agencies are finding strength in common frameworks that allow them to “verify once and reuse many.” This approach not only reduces procurement timelines but also enables agencies to focus their internal teams on managing risk instead of simply checking compliance boxes.

A major theme across the discussion is efficiency—not just in procurement, but in how cybersecurity teams operate. By leveraging GovRAMP, agencies can shift their personnel away from repetitive assessments and toward higher-value decision-making. This creates a more strategic security posture while also improving speed to deployment.

The conversation also explores the importance of “security by design” and “privacy by design.” Russell-Bond explains that embedding security requirements early in the development process avoids costly rework and delays. By establishing clear baselines and involving cybersecurity teams from the outset, agencies can deliver secure services faster and more consistently.

Zero trust emerges as another critical pillar. Sauerhoff and Russell-Bond both stress that zero trust is not a single technology but a cultural and operational shift. It requires continuous verification, strong identity controls, and a move away from perimeter-based security models. When paired with cloud adoption and frameworks like GovRAMP, zero trust becomes more achievable and scalable across diverse environments.

Ultimately, the panel underscores that trust is built on strong foundations. As technologies evolve—from cloud to AI—those foundational controls remain constant. By aligning on baseline security practices and leveraging shared frameworks, state and local governments can modernize with confidence while protecting the citizens they serve.

Key Takeaways

• Standardized frameworks like GovRAMP enable faster, more efficient cloud adoption by reducing redundant security assessments
• Continuous monitoring and shared authorization models shift agencies from compliance-focused to risk-focused operations
• Zero trust and security-by-design principles are essential to building scalable, long-term trust in modern government systems

Accelerating Modernization Through Secure Cloud Frameworks

Keith Haugrud, Head of Security Sales for SLED at Google Public Sector, discusses how state and local governments can balance the urgency of modernization with the need to maintain strong security and compliance standards.

Across the country, agencies are facing a “sea change” in technology expectations. Many are still operating legacy systems that are decades old, yet they are now expected to deliver digital services quickly and securely. Cloud adoption has become the primary path forward, but compliance requirements have often been viewed as a barrier to speed.

Haugrud argues that this perception is changing. Frameworks like FedRAMP and GovRAMP are helping agencies move faster by providing pre-validated security controls. Instead of slowing innovation, these frameworks allow organizations to adopt cloud solutions with greater confidence while reducing risk.

A key development is the rise of continuous monitoring. Rather than relying on one-time authorizations, agencies can now gain real-time visibility into vulnerabilities and system health. This enables faster remediation and creates a more dynamic, responsive security posture.

Zero trust is also playing an increasingly important role. Haugrud describes security as a “layer cake,” where multiple technologies—identity management, access controls, and secure browsing—work together to protect systems and data. As awareness of zero trust grows in the state and local market, agencies are beginning to integrate these principles into their broader modernization strategies.

Artificial intelligence adds another layer of opportunity. By connecting data across legacy systems, AI can help agencies deliver more seamless and responsive services to citizens without requiring a complete overhaul of existing infrastructure.

At the same time, evolving federal mandates are pushing agencies to rethink service delivery timelines. Cloud-based solutions allow systems to be updated and deployed in weeks rather than years, enabling governments to meet new requirements more effectively.

Looking ahead, Haugrud sees continued evolution in how compliance frameworks adapt to emerging technologies like AI. While the future remains uncertain, the core value of these frameworks remains clear: they provide a scalable foundation for secure innovation.

Key Takeaways

• Compliance frameworks like FedRAMP and GovRAMP can accelerate—not hinder—cloud adoption
• Continuous monitoring and zero trust are reshaping how agencies manage risk in real time
• AI and cloud technologies enable modernization while extending the life and value of legacy systems